Major security flaw

However, a significant security loophole in the contactless system was revealed earlier this year that leaves users exposed to fraud.

The security flaw lies in whether a contactless payment is processed ‘online’ or ‘offline’ by a business.

When payments are processed online, the card machine instantly contacts the customer’s bank to check for sufficient funds and, if a card has been cancelled, it will be flagged – so there is less risk of fraud.

However, if a payment is processed offline, the card machine stores up a batch of payments to process online later. This process is allowing criminals to get away with using stolen contactless cards long after they’ve been cancelled.

What’s more, some banks don’t inform customers when their cancelled card is used and don’t check whether it was the customer who made the payment.

This policy puts the onus on customers to spot fraudulent payments and get a refund, when it should be something the banks are looking out for.
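The online and offline paths described above, as an added example that is not part of the original article: a simplified Python model in which the bank checks each payment in a deferred batch against the cancellation time, so a cancelled card used offline is flagged without relying on the customer. The class names, card identifier and timestamps are constructed for illustration and do not describe any bank's actual system.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Payment:
    card_id: str
    amount_pence: int
    tapped_at: datetime  # when the card was presented
    mode: str            # "online" or "offline"

class Issuer:
    """Simplified bank: records cancellations, authorises and clears payments."""
    def __init__(self):
        self.cancelled_at = {}  # card_id -> time the customer cancelled

    def cancel(self, card_id, when):
        self.cancelled_at[card_id] = when

    def used_after_cancel(self, p):
        when = self.cancelled_at.get(p.card_id)
        return when is not None and p.tapped_at >= when

    def clear_batch(self, batch):
        """Issuer-side check at clearing: split into (accepted, flagged)."""
        flagged = [p for p in batch if self.used_after_cancel(p)]
        accepted = [p for p in batch if not self.used_after_cancel(p)]
        return accepted, flagged

class Terminal:
    def __init__(self, issuer):
        self.issuer, self.offline_batch = issuer, []

    def tap(self, p):
        if p.mode == "online":  # live check: a cancelled card is declined
            return not self.issuer.used_after_cancel(p)
        self.offline_batch.append(p)  # offline: accepted now, checked later
        return True

def run_scenario():
    """Constructed sample data: card cancelled at 10:00, tapped before and after."""
    bank = Issuer()
    till = Terminal(bank)
    day = lambda h, m=0: datetime(2024, 1, 1, h, m)
    bank.cancel("CARD-A", day(10))
    results = [
        till.tap(Payment("CARD-A", 450, day(9, 30), "offline")),   # before cancel
        till.tap(Payment("CARD-A", 1200, day(11), "online")),      # declined live
        till.tap(Payment("CARD-A", 1200, day(11, 5), "offline")),  # slips through
    ]
    accepted, flagged = bank.clear_batch(till.offline_batch)
    return results, accepted, flagged
```

The third tap is accepted at the till but lands in `flagged` when the batch is cleared, which is the point at which the bank can stop it or alert the customer.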

MPs from the Commons Treasury Select Committee have put pressure on the regulator to get banks to act on the flaw.

The Financial Conduct Authority (FCA) has agreed to take action to close the security loophole, but the UK Cards Association says that implementing measures to protect users will take until the end of June.

John Griffith-Jones, chairman of the FCA, set out in a letter to the Commons Treasury Select Committee the action it will take to better protect contactless card users.

He stated its top priorities were to "remove any onus on customers to identify fraudulent transactions" and to work on "technical enhancements to reduce the likelihood of post-cancellation contactless fraud" with the industry.

He also said the FCA was exploring making sure the option to not have a contactless card was made more visible during card issuing and providing more information on the clearing times for contactless payments.

How to keep safe

If you are worried about contactless cards, here are a few steps to ensure you are using them safely.

Use a foil-lined wallet

There is some evidence that fraudsters are using contactless card readers to steal details from people to perform transactions in certain online stores.

A metal case can help keep this information safe from scammers. However, tin foil is also known to be just as effective at preventing the card from being read.

Never hand over your card

The UK Cards Association best practice guidelines state the card ‘should always stay in the customer’s hand’.

But often servers at pubs, restaurants, bars or shops will reach out to take your card and tap it themselves.

While this may be an innocent gesture, it could also be a crafty way to ‘skim’ your card details from the magnetic strip.

Check your statements

You should regularly check your statements for suspicious transactions. If you spot any, get in touch with your bank to challenge them.

Just say no

Banks are really keen for us to take up the technology, so most will issue contactless cards unless instructed otherwise. If you are worried about contactless card safety, see if your bank will issue you with a new card that doesn’t have this feature.

Lloyds, Halifax, HSBC, Nationwide, Santander, TSB and Barclays say they give customers a choice at sign up and would swap a contactless card for a contact card if a customer requested it.

Barclaycard, Royal Bank of Scotland and NatWest offer only contactless cards, and customers don’t have the choice to opt out.

What to do if you fall victim

If your contactless bank card or payment device is lost or stolen, contact your provider immediately to cancel the card.

You should continue to monitor your statements daily to keep track of any contactless spending that isn’t yours and report it to your bank.

Fraudulent activity via contactless cards is covered by the same rules that apply to other card payments.

So, if you fall victim, your bank should refund you the money as long as it wasn’t down to your own negligence.

Remember, even though payments don’t require a PIN, card issuers will limit the number of contactless transactions that can be made in a day before a PIN is asked for, to prevent fraud.